Files
@ 953220eb406f
Branch filter:
Location: ohnobinki_overlay/net-misc/whois/files/whois-4.7.26-gentoo-security.patch - annotation
953220eb406f
2.8 KiB
text/x-diff
dev-libs/libstrl: Support the static-libs useflag.
(Portage version: 2.2.0_alpha2-r1/hg/Linux x86_64, signed Manifest commit with key 6BA81050)
(Portage version: 2.2.0_alpha2-r1/hg/Linux x86_64, signed Manifest commit with key 6BA81050)
c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c c49126f7ac6c | --- whois-4.7.26/whois.c
+++ whois-4.7.26/whois.c
@@ -87,7 +87,7 @@
/* RIPE flags */
if (strchr(ripeflags, ch)) {
for (p = fstring; *p; p++);
- sprintf(p--, "-%c ", ch);
+ snprintf(p--, sizeof(fstring), "-%c ", ch);
continue;
}
if (strchr(ripeflagsp, ch)) {
@@ -141,10 +141,10 @@
while (1) {
qslen += strlen(*argv) + 1 + 1;
qstring = realloc(qstring, qslen);
- strcat(qstring, *argv++);
+ strncat(qstring, *argv++, qslen-1);
if (argc == 1)
break;
- strcat(qstring, " ");
+ strncat(qstring, " ", qslen-1);
argc--;
}
}
@@ -467,8 +467,10 @@
char *buf, *p;
int i, isripe = 0;
+ /* buflen was always 0 in original patch and buf was allocated twice /Aye */
/* 64 bytes reserved for server-specific flags added later */
- buf = malloc(strlen(flags) + strlen(query) + strlen(client_tag) + 64);
+ int buflen = strlen(flags) + strlen(query) + strlen(client_tag) + 64;
+ buf = malloc(buflen);
*buf = '\0';
for (i = 0; ripe_servers[i]; i++)
if (streq(server, ripe_servers[i])) {
@@ -481,7 +483,7 @@
if (*flags) {
if (!isripe && !streq(server, "whois.corenic.net"))
puts(_("Warning: RIPE flags used with a traditional server."));
- strcat(buf, flags);
+ strncat(buf, flags, buflen-1);
}
#ifdef HAVE_LIBIDN
@@ -490,28 +492,28 @@
*/
if (streq(server, "whois.denic.de") && domcmp(query, ".de")
&& !strchr(query, ' ') && !*flags)
- sprintf(buf, "-T dn,ace -C US-ASCII %s", query);
+ snprintf(buf, buflen-1, "-T dn,ace -C US-ASCII %s", query);
else
/* here we have another registrar who could not make things simple
* -C sets the language for both input and output
*/
if (!isripe && streq(server, "whois.cat") && domcmp(query, ".cat")
&& !strchr(query, ' '))
- sprintf(buf, "-C US-ASCII ace %s", query);
+ snprintf(buf, buflen-1, "-C US-ASCII ace %s", query);
else
#endif
if (!isripe && (streq(server, "whois.nic.mil") ||
streq(server, "whois.nic.ad.jp")) &&
strncaseeq(query, "AS", 2) && isasciidigit(query[2]))
/* FIXME: /e is not applied to .JP ASN */
- sprintf(buf, "AS %s", query + 2); /* fix query for DDN */
+ snprintf(buf, buflen-1, "AS %s", query + 2); /* fix query for DDN */
else if (!isripe && (streq(server, "whois.nic.ad.jp") ||
streq(server, "whois.jprs.jp"))) {
char *lang = getenv("LANG"); /* not a perfect check, but... */
if (!lang || !strneq(lang, "ja", 2))
- sprintf(buf, "%s/e", query); /* ask for english text */
+ snprintf(buf, buflen-1, "%s/e", query); /* ask for english text */
else
- strcat(buf, query);
+ strncat(buf, query, buflen-1);
} else if (!isripe && streq(server, "whois.arin.net") &&
(p = strrchr(query, '/'))) {
strncat(buf, query, p - query); /* strip CIDR */
|